CompTIA PenTest+ (PT0-002) — Question 455
A penetration tester was able to gather MD5 hashes from a server and crack the hashes easily with rainbow tables.
Which of the following should be included as a recommendation in the remediation report?
Answer options
- A. Stronger algorithmic requirements
- B. Access controls on the server
- C. Encryption on the user passwords
- D. A patch management program
Correct answer: A
Explanation
The correct answer is A: using stronger hash algorithms (like SHA-256) can significantly enhance security against rainbow table attacks. Rainbow tables are precomputed hash-to-plaintext lookups, which is why fast, unsalted MD5 hashes are cracked so easily. Options B, C, and D describe other security improvements, but none of them directly addresses the weakness of using MD5 hashes, which is the primary concern in this scenario.